github actions (deps): bump actions/cache from 4.3.0 to 5.0.4 #330
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: pull-request | |
| on: | |
| pull_request: | |
| branches: | |
| - develop | |
| jobs: | |
| tox: | |
| strategy: | |
| matrix: | |
| python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"] | |
| runs-on: ubuntu-latest | |
| if: github.repository == 'NHSDigital/mesh-client' | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: print branch info | |
| run: | | |
| git branch | |
| echo "GITHUB_HEAD_REF=${GITHUB_HEAD_REF}" | |
| echo "GITHUB_BASE_REF=${GITHUB_BASE_REF}" | |
| git log --oneline -n 10 | |
| - name: clean | |
| run: | | |
| git clean -fdx | |
| find . -type f | xargs chmod g+w | |
| - name: merge into base_branch | |
| if: ${{ github.event_name == 'pull_request' }} | |
| run: | | |
| echo base branch "${{ github.base_ref }}" | |
| echo "pr branch ${GITHUB_HEAD_REF}" | |
| git checkout "${{ github.base_ref }}" | |
| git checkout -b "merging-${{ github.event.number }}" | |
| git merge --ff-only "${{ github.event.pull_request.head.sha }}" | |
| - name: setup python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: start docker containers | |
| run: make up | |
| - name: install dependencies | |
| run: pip install tox tox-gh-actions | |
| - name: tox | |
| run: tox | |
| - name: stop docker containers | |
| if: success() || failure() | |
| run: make down | |
| coverage: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| checks: write | |
| pull-requests: write | |
| if: github.repository == 'NHSDigital/mesh-client' | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: print branch info | |
| run: | | |
| git branch | |
| echo "GITHUB_HEAD_REF=${GITHUB_HEAD_REF}" | |
| echo "GITHUB_BASE_REF=${GITHUB_BASE_REF}" | |
| git log --oneline -n 10 | |
| - name: clean | |
| run: | | |
| git clean -fdx | |
| find . -type f | xargs chmod g+w | |
| - name: secrets-check | |
| run: make check-secrets | |
| - name: merge into base_branch | |
| if: ${{ github.event_name == 'pull_request' }} | |
| run: | | |
| echo base branch "${{ github.base_ref }}" | |
| echo "pr branch ${GITHUB_HEAD_REF}" | |
| git checkout "${{ github.base_ref }}" | |
| git checkout -b "merging-${{ github.event.number }}" | |
| git merge --ff-only "${{ github.event.pull_request.head.sha }}" | |
| - name: setup python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 | |
| with: | |
| python-version-file: 'pyproject.toml' | |
| - name: setup poetry | |
| uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1 | |
| with: | |
| poetry-version: 2.1.3 | |
| - name: add poetry plugins | |
| run: | | |
| poetry self add "poetry-dynamic-versioning[plugin]" | |
| - name: cache virtualenv | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 | |
| with: | |
| path: | | |
| .venv | |
| key: ${{ runner.os }}-v3-poetry-py${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('./poetry.lock') }} | |
| - name: git reset | |
| run: git reset --hard | |
| - name: install dependencies | |
| run: make install-ci | |
| - name: black | |
| run: make black-check | |
| - name: start docker containers | |
| run: make up | |
| - name: code coverage | |
| run: make coverage-ci | |
| - name: code coverage report | |
| if: ${{ github.event_name == 'pull_request' }} | |
| uses: orgoro/coverage@3f13a558c5af7376496aa4848bf0224aead366ac | |
| with: | |
| coverageFile: reports/coverage.xml | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| thresholdAll: 0.70 | |
| - name: setup java | |
| if: github.actor != 'dependabot[bot]' && (success() || failure()) | |
| uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 | |
| with: | |
| distribution: "corretto" | |
| java-version: "17" | |
| - name: provision sonar-scanner | |
| if: github.actor != 'dependabot[bot]' && (success() || failure()) | |
| run: | | |
| export SONAR_VERSION="5.0.1.3006" | |
| wget -q --max-redirect=0 "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_VERSION}.zip" -O sonar-scanner.zip | |
| unzip -q ./sonar-scanner.zip | |
| mv ./sonar-scanner-${SONAR_VERSION} ./sonar-scanner | |
| scripts/sonar_tests.py | |
| - name: run sonar scan | |
| if: github.actor != 'dependabot[bot]' && (success() || failure()) | |
| run: | | |
| PATH="$PWD/sonar-scanner/bin:$PATH" | |
| if [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
| git checkout "${GITHUB_HEAD_REF}" | |
| sonar-scanner -Dsonar.pullrequest.branch="{{ github.event.pull_request.head.sha }}" -Dsonar.pullrequest.base="{{ github.event.pull_request.base.sha }}" -Dsonar.pullrequest.key="${{ github.event.number }}" | |
| else | |
| sonar-scanner | |
| fi | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| - name: archive reports | |
| if: github.actor != 'dependabot[bot]' && (success() || failure()) | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 | |
| with: | |
| name: reports | |
| path: reports/**/* | |
| - name: publish junit reports | |
| if: success() || failure() | |
| uses: mikepenz/action-junit-report@a294a61c909bd8a4b563024a2faa28897fd53ebc | |
| with: | |
| check_name: junit reports | |
| report_paths: reports/junit/*.xml | |
| - name: stop docker containers | |
| if: success() || failure() | |
| run: make down | |
| lint: | |
| runs-on: ubuntu-latest | |
| if: github.repository == 'NHSDigital/mesh-client' | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: clean | |
| run: | | |
| git clean -fdx | |
| - name: secrets-check | |
| run: make check-secrets | |
| - name: merge into base_branch | |
| if: ${{ github.event_name == 'pull_request' }} | |
| run: | | |
| echo base branch "${{ github.base_ref }}" | |
| echo "pr branch ${GITHUB_HEAD_REF}" | |
| git checkout "${{ github.base_ref }}" | |
| git checkout -b "merging-${{ github.event.number }}" | |
| git merge --ff-only "${{ github.event.pull_request.head.sha }}" | |
| - name: setup python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 | |
| with: | |
| python-version-file: 'pyproject.toml' | |
| - name: setup poetry | |
| uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1 | |
| with: | |
| poetry-version: 2.1.3 | |
| - name: add poetry plugins | |
| run: | | |
| poetry self add "poetry-dynamic-versioning[plugin]" | |
| - name: cache virtualenv | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 | |
| with: | |
| path: | | |
| .venv | |
| key: ${{ runner.os }}-v3-poetry-py${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('./poetry.lock') }} | |
| - name: git reset | |
| run: git reset --hard | |
| - name: install dependencies | |
| run: make install-ci | |
| - name: black | |
| run: make black-check | |
| - name: ruff | |
| run: make ruff-ci | |
| - name: mypy | |
| run: make mypy | |
| - name: shellcheck | |
| uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 | |
| with: | |
| ignore_paths: .venv build | |
| ignore_names: git-secrets | |
| env: | |
| SHELLCHECK_OPTS: -f gcc -e SC1090,SC1091 | |
| - name: test next version | |
| run: | | |
| version="v$(poetry version patch | rev | cut -d' ' -f1 | rev)" | |
| echo "RELEASE_VERSION=$version" >> $GITHUB_ENV | |
| echo "${version}" | |
| publish: | |
| runs-on: ubuntu-latest | |
| if: github.repository == 'NHSDigital/mesh-client' && github.actor != 'dependabot[bot]' | |
| needs: | |
| - coverage | |
| - lint | |
| - tox | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: print branch info | |
| run: | | |
| git branch | |
| echo "GITHUB_HEAD_REF=${GITHUB_HEAD_REF}" | |
| echo "GITHUB_BASE_REF=${GITHUB_BASE_REF}" | |
| git log --oneline -n 10 | |
| - name: clean | |
| run: | | |
| git clean -fdx | |
| find . -type f | xargs chmod g+w | |
| - name: merge into base_branch | |
| if: ${{ github.event_name == 'pull_request' }} | |
| run: | | |
| echo base branch "${{ github.base_ref }}" | |
| echo "pr branch ${GITHUB_HEAD_REF}" | |
| git checkout "${{ github.base_ref }}" | |
| git checkout -b "merging-${{ github.event.number }}" | |
| git merge --ff-only "${{ github.event.pull_request.head.sha }}" | |
| - name: setup python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 | |
| with: | |
| python-version-file: 'pyproject.toml' | |
| - name: setup poetry | |
| uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1 | |
| with: | |
| poetry-version: 2.1.3 | |
| - name: add poetry plugins | |
| run: | | |
| poetry self add "poetry-dynamic-versioning[plugin]" | |
| poetry self add poetry-plugin-export | |
| - name: build dist | |
| run: | | |
| RELEASE_VERSION="$(poetry version prepatch | rev | cut -d' ' -f1 | rev | sed -E 's/0+$//' )$(date '+%Y%m%d%H%M%S')" | |
| echo "${RELEASE_VERSION}" | |
| echo "RELEASE_VERSION=${RELEASE_VERSION}" >> $GITHUB_ENV | |
| if [[ "${RELEASE_VERSION}" == "0.0.0" ]]; then | |
| echo "${RELEASE_VERSION} = 0.0.0" | |
| exit 1 | |
| fi | |
| RELEASE_VERSION="${RELEASE_VERSION}" make dist | |
| ls -l dist | |
| - name: test publish | |
| uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e | |
| with: | |
| password: ${{ secrets.TEST_PYPI_TOKEN }} | |
| repository-url: https://test.pypi.org/legacy/ | |
| - name: sleep while waiting for pyPI | |
| run: sleep 30 | |
| - name: install and test | |
| run: | | |
| poetry export -f requirements.txt -o requirements.txt | |
| python3 -m pip install -r requirements.txt | |
| python3 -m pip install --index-url https://test.pypi.org/simple/ "mesh-client==${RELEASE_VERSION}" | |
| INSTALLED_VERSION="$(python3 -c 'import mesh_client; print(mesh_client.__version__)')" | |
| if [[ "${INSTALLED_VERSION}" != "${RELEASE_VERSION}" ]]; then | |
| echo "${INSTALLED_VERSION} != ${RELEASE_VERSION}" | |
| exit 1 | |
| fi | |
| slack-notification: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - coverage | |
| - lint | |
| - tox | |
| if: ${{ always() && github.repository == 'NHSDigital/mesh-client' && github.actor == 'dependabot[bot]' && contains(needs.*.result, 'failure') }} | |
| steps: | |
| - name: Slack Notification | |
| uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a | |
| with: | |
| webhook: ${{ secrets.DEPENDABOT_SLACK_WEBHOOK_URL }} | |
| webhook-type: incoming-webhook | |
| payload: | | |
| { | |
| "blocks": [ | |
| { | |
| "type": "header", | |
| "text": { | |
| "type": "plain_text", | |
| "text": ":alarm: DEPENDABOT PR FAILED :alarm:", | |
| "emoji": true | |
| } | |
| }, | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "Checks failed for ${{ github.repository }}:${{ github.ref }} in <https://github.com/${{ github.repository }}/pull/${{ github.event.number }}|PR #${{ github.event.number }}>" | |
| } | |
| } | |
| ] | |
| } |